View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0009710 | Taler | exchange | public | 2025-04-08 17:37 | 2025-04-08 19:19 |
Reporter | Christian Grothoff | Assigned To | |||
Priority | normal | Severity | feature | Reproducibility | N/A |
Status | confirmed | Resolution | open | ||
Platform | i7 | OS | Debian GNU/Linux | OS Version | squeeze |
Product Version | git (master) | ||||
Target Version | post-1.0 | ||||
Summary | 0009710: post-kyc redirect is suboptimal | ||||
Description | After KYC, redirected to 'thank you' page, but there may be new/further requirements on the 'main' KYC page. So instead of going to the 'thank you' page, we should redirect to the KYC info page. | ||||
Tags | No tags attached. | ||||

There is a security issue here, which is that when the user visits the OAuth 2.0 "proof" page we cannot exactly be sure it's the legitimate user (for example, the URL seems harmless and might be shared with a 3rd party by accident). In that case, we might not want to just redirect to the /kyc-info/ page where the URL includes a secret key. Or do we consider this OK? Needs security review before implementation!

Date Modified | Username | Field | Change |
---|---|---|---|
2025-04-08 17:37 | Christian Grothoff | New Issue | |
2025-04-08 17:37 | Christian Grothoff | Status | new => assigned |
2025-04-08 17:37 | Christian Grothoff | Assigned To | => Christian Grothoff |
2025-04-08 17:48 | Christian Grothoff | Target Version | 1.0 => post-1.0 |
2025-04-08 17:50 | Christian Grothoff | Note Added: 0024445 | |
2025-04-08 19:19 | Christian Grothoff | Assigned To | Christian Grothoff => |
2025-04-08 19:19 | Christian Grothoff | Status | assigned => confirmed |